GHSA-wh6w-69xc-5rq5

Source

https://github.com/advisories/GHSA-wh6w-69xc-5rq5

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-wh6w-69xc-5rq5/GHSA-wh6w-69xc-5rq5.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-wh6w-69xc-5rq5

Aliases

Published

2022-06-07T00:00:33Z

Modified

2024-02-21T05:37:07.551306Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Check for Unusual or Exceptional Conditions in Elasticsearch

Details

A Denial of Service flaw was discovered in Elasticsearch 8.0.0 through 8.2.0. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. Version 8.2.1 contains a patch.

Database specific

{
    "nvd_published_at": "2022-06-06T18:15:00Z",
    "cwe_ids": [
        "CWE-754"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-07T21:15:18Z"
}

References

Affected packages

Maven / org.elasticsearch:elasticsearch

Package

Name: org.elasticsearch:elasticsearch; View open source insights on deps.dev
Purl: pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.2.1

Affected versions

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.1.3

8.2.0